Switch auth system to cancan WIP #69
Changes from 30 commits
4432b07
4783ae8
111c219
ddf8018
f6c9b52
a97af7a
172e63c
243f4a1
64be0c8
ccf2593
cd1f6a6
d0163da
d6d93bd
b822543
7544d99
f07c536
2ccba80
a80bc9e
4bb22b5
17d6385
67953fc
77cb3ec
b93b0b2
b3be67d
72032e4
0a4720d
0110d26
47eb1a5
ff7ff47
ff9cc73
ee8fdb4
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,8 +1,6 @@ | ||
# encoding:UTF-8 | ||
class AlbumsController < ApplicationController | ||
|
||
before_filter :login_required | ||
before_filter :authenticate, only: [:new, :create,:edit,:destroy,:update,:settings,:destroy_images] | ||
load_permissions_and_authorize_resource | ||
before_action :set_edit | ||
before_action :set_album, except: [:index,:new,:create,:settings] | ||
before_action :categories | ||
|
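Review bot: swapping `before_filter :login_required` and `before_filter :authenticate, only: [...]` for `load_permissions_and_authorize_resource` changes which actions are guarded. The old filters only protected the listed write actions; `load_and_authorize_resource` authorizes every action, `index` and `show` included. Unless `Ability` grants `:read` on Album to `Ability.new(nil)` (anonymous visitors, since `current_ability` passes a possibly nil `current_user`), public album browsing will now raise `CanCan::AccessDenied`. The reverse gap also exists: the `moderator?(:galleri)` rule that `authenticate` enforced is not expressed anywhere in this hunk, so it must land in `Ability` in the same change or the write actions lose their check. Minor: `load_and_authorize_resource` already does `Album.find(params[:id])` for member actions and runs before `before_action :set_album`, so `set_album` is now loading the record a second time.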
@@ -187,7 +185,7 @@ def update | |
end | ||
private | ||
def authenticate | ||
def authenticate | ||
Review comment: It looks like we are using this method everywhere. Can't we move it to application_controller?
Review comment: Well, as it is now, we wanted to specify which rule was used. For example, in the album controller we wanted to check if the user was If we change it to application controller with a variable for the
Review comment: Cancan does this as part of load_and_authorize_resource. So it is already in ApplicationController. We do need to move the access rules to Ability though.
||
flash[:error] = t('the_role.access_denied') | ||
|
||
Review comment: Trailing whitespace detected.
||
redirect_to(:back) unless (current_user) && (current_user.moderator?(:galleri)) | ||
|
||
rescue ActionController::RedirectBackError | ||
|
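Review bot: `authenticate` is now dead code in this controller. The `before_filter :authenticate` that called it was removed in the first hunk, and this hunk only touches whitespace around the method (hence the trailing-whitespace comment), so `current_user.moderator?(:galleri)` is no longer enforced by anything visible in this PR while the method still reads as if it were the access check. Either delete the method together with its `redirect_to(:back)` / `rescue ActionController::RedirectBackError` handling, or port the `moderator?(:galleri)` rule into `Ability` in this same change so the two cannot drift apart.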
@@ -213,4 +211,4 @@ def image_params | |
def album_params | ||
params.fetch(:album,{}).permit(:title,:description,:author,:location,:public,:start_date,:end_date,:album_category_ids => [],:subcategory_ids => [],images_parameters: [:id, :foto]) | ||
end | ||
end | ||
end |
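Review bot: the `permit` call in `album_params` is far beyond the 100-character line limit the linter reports elsewhere in this PR (`[115/100]`); break it over several lines, one attribute group per line. While touching it, note that `:public` and `:author` are mass-assignable to anyone allowed to `create` or `update` an album; now that authorization moves to `Ability`, decide there whether changing visibility or authorship needs a stricter rule than the per-action check, rather than relying on strong parameters alone.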
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,19 +1,20 @@ | ||
# encoding:UTF-8 | ||
class ApplicationController < ActionController::Base | ||
include TheRole::Controller | ||
protect_from_forgery | ||
|
||
before_filter :configure_permitted_devise_parameters, if: :devise_controller? | ||
before_filter :set_locale | ||
|
||
def access_denied | ||
flash[:error] = t('the_role.access_denied') | ||
redirect_to(:back) | ||
rescue_from CanCan::AccessDenied do |ex| | ||
flash[:error] = ex.message | ||
render text: '', layout: true, status: :forbidden | ||
end | ||
|
||
rescue_from ActionController::RedirectBackError do | ||
redirect_to root_path | ||
end | ||
rescue_from ActiveRecord::RecordInvalid do |ex| | ||
flash[:error] = | ||
"Fel i formulär: #{ex.record.errors.full_messages.join '; '}" | ||
render referring_action, status: :unprocessable_entity | ||
end | ||
|
||
rescue_from ActiveRecord::RecordNotFound do | ||
# translate record not found -> HTTP 404 | ||
|
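Review bot: two problems with the new `rescue_from` handlers. First, both set `flash[:error]` and then `render` in the same request; `flash[...]` is kept for the next request, so the message is shown on the rendered 403/422 page and again on whatever page the user visits next. Use `flash.now[:error]` when rendering instead of redirecting. Second, the `rescue_from ActionController::RedirectBackError` handler is deleted here, but `redirect_to(:back) if params[:locale]` remains in `set_locale` below; a request with no `Referer` header carrying `?locale=en` now raises an unhandled `RedirectBackError` (HTTP 500) instead of falling back to `root_path`. Keep the handler or give that call an explicit fallback (`AlbumsController#authenticate` rescues the error inline, so it is not affected). Minor: the `RecordInvalid` message "Fel i formulär:" (Swedish for "Error in form:") is hard-coded while the app serves `sv` and `en` through `set_locale`; use a translation key like the `t('the_role.access_denied')` calls do. `render referring_action` also picks the template from the request's `Referer` header; see the comment on that method's definition in this file.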
@@ -23,24 +24,51 @@ def access_denied | |
protected | ||
|
||
def configure_permitted_devise_parameters | ||
devise_parameter_sanitizer.for(:sign_in) {|u| u.permit(:username, :password, :remember_me)} | ||
devise_parameter_sanitizer.for(:sign_up) {|u| u.permit(:username, :email, :password, :password_confirmation) } | ||
devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:username, :password, :remember_me) } | ||
devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:username, :email, :password, :password_confirmation) } | ||
Review comment: Line is too long. [115/100]
||
devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:password, :password_confirmation, :current_password) } | ||
end | ||
|
||
def self.permission | ||
name.gsub('Controller', '').singularize.split('::').last.constantize.name rescue nil | ||
end | ||
|
||
def current_ability | ||
@current_ability ||= Ability.new(current_user) | ||
end | ||
|
||
# load the permissions for the current user so that UI can be manipulated | ||
def load_permissions | ||
return unless current_user | ||
@current_permissions = current_user.profile.posts.each do |post| | ||
post.permissions.map { |i| [i.subject_class, i.action] } | ||
end | ||
end | ||
|
||
# Enables authentication and | ||
def self.load_permissions_and_authorize_resource(*args) | ||
load_and_authorize_resource(*args) | ||
before_filter(:load_permissions, *args) | ||
end | ||
|
||
def self.skip_authorization(*args) | ||
skip_authorization_check(*args) | ||
skip_before_filter(:load_permissions, *args) | ||
end | ||
|
||
def set_locale | ||
locale = 'sv' | ||
langs = %w{ sv en } | ||
langs = %w{ sv en } | ||
|
||
if params[:locale] | ||
lang = params[:locale] | ||
if langs.include? lang | ||
locale = lang | ||
locale = lang | ||
cookies[:locale] = lang | ||
end | ||
else | ||
if cookies[:locale] | ||
lang = cookies[:locale] | ||
lang = cookies[:locale] | ||
locale = lang if langs.include? lang | ||
end | ||
end | ||
|
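Review bot: `load_permissions` does not compute what its comment promises. `Enumerable#each` returns the receiver, so `@current_permissions` ends up holding `current_user.profile.posts` itself and the inner `map` result is thrown away. Use `flat_map` so the instance variable holds the `[subject_class, action]` pairs the UI is supposed to consult:

@current_permissions = current_user.profile.posts.flat_map do |post|
  post.permissions.map { |i| [i.subject_class, i.action] }
end

Also, `self.permission` ends in a bare inline `rescue nil`, which turns a mistyped model name (or any other error in that chain) into a silent `nil` permission instead of a visible failure; rescue `NameError` only. The comment on `load_permissions_and_authorize_resource` ("Enables authentication and") is cut off; it should say that the method wraps `load_and_authorize_resource` and adds the `load_permissions` filter with the same `*args`, which is why `skip_authorization` has to undo both.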
@@ -49,8 +77,7 @@ def set_locale | |
redirect_to(:back) if params[:locale] | ||
end | ||
|
||
def verify_admin | ||
flash[:error] = t('the_role.access_denied') | ||
redirect_to(:root) unless (current_user) && (current_user.admin?) | ||
def referring_action | ||
Rails.application.routes.recognize_path(request.referer)[:action] | ||
end | ||
end |
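Review bot: `referring_action` derives the template to render from the client-supplied `Referer` header and has no fallback. `request.referer` is `nil` when the header is absent (a scripted POST, a privacy extension, a strict referrer policy), and `recognize_path` raises `ActionController::RoutingError` for a URL that matches no route, so a validation failure in those cases becomes a 500 instead of the intended 422. The recognised `:action` may also belong to a different controller than the one handling the request, so `render referring_action` can ask for a template that does not exist here. Wrap the lookup in a rescue, check that the recognised `:controller` equals `controller_path`, and fall back to a fixed template chosen from `action_name` (for example `:edit` for `update`, `:new` for `create`). Separately, `verify_admin` is deleted in this hunk; confirm that no other controller still lists `before_filter :verify_admin`, and that the `current_user.admin?` rule it enforced is now expressed in `Ability`.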
Review comment: Trailing whitespace detected.